Re: How to secure SQL website
From: Jens Süßmeyer (Jens_at_Remove_this_For_Contacting.sqlserver2005.de)
Date: 05/13/05
- Next message: Leo Quezada: "Re: INSERT an UPDATE permission denied on object"
- Previous message: Flying J: "How to secure SQL website"
- In reply to: Flying J: "How to secure SQL website"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 13 May 2005 21:50:54 +0200
That depends on the way you fire up your query to the server and the
provider you use for select your data.
Are ou building up Select query via some dynamic sql or do you use stored
procdures ? With those you can rather use Parameter Objects to fill the
stored procedures than building your "EXEC" Statement and fire that to the
database.
So the questions are, what method and what provider are you using ?
HTH, Jens SUessmeyer.
--- http://www.sqlserver2005.de --- "Flying J" <FlyingJ@discussions.microsoft.com> schrieb im Newsbeitrag news:C9028453-B149-4941-84B5-06ED9915E58B@microsoft.com... > I'm new to SQL and I've got a database setup to accept and return form > results on my website. SQL is provided by my webhost and obviously I have > a > username and password for it. But I've read about a potential for > unwelcome > invididuals to "inject" (think that's the word) data into my database - or > just wreck it via the web. I'd like to do whatever is necessary to > prevent > this from happening. > > Thanks, > > john > -- > Flying J
- Next message: Leo Quezada: "Re: INSERT an UPDATE permission denied on object"
- Previous message: Flying J: "How to secure SQL website"
- In reply to: Flying J: "How to secure SQL website"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
